[Bug] Fable 5 safeguard over-flags defensive security hardening as offensive activity
Bug Description
Title: Fable 5 safeguard false-positives on defensive security work (own codebase)
Summary
During a working session focused entirely on defensive security hardening of my own production service (a recruitment platform), the Fable 5 safeguard triggered repeatedly and force-switched the model to Opus 4.8. Every flagged action was about closing vulnerabilities in my own code - not offensive security, not exploit
development, not targeting third parties.
What the work actually was (all defensive, all my own codebase)
- Added a trigger to prevent users. role self-escalation (a real privilege-escalation hole where a logged-in user could set their own row to admin)
- Restored missing WITH CHECK clauses on RLS UPDATE policies; hardened column-level GRANTs to least-privilege (revoked table-wide anon write grants).
- Blocked public API exposure of internal inference columns (per-gender age estimates, internal company risk assessments) for legal compliance (Korean anti-discrimination / defamation risk).
- Added a privilege-change audit log and anon-session regression tests.
- Fixed a regression where non-member view logging silently broke.
The problem
1. Defensive work is flagged as if offensive. Terms Like "privilege escalation", "RLS bypass", "GRANT", "column exposure" appear because I'm fixing these, yet the classifier flags them.
2. Context bleed. Once the session became security-themed, the safeguard began flagging completely benign follow-ups - cleaning up a git branch, editing documentation.
These have zero security-sensitivity; they were flagged only because the surrounding conversation was about security.
3. Workflow disruption. Each flag force-switches the model mid-task, breaking continuity. I had to re-select Fable 5 many times.
Request
- Distinguish defensive security work (fixing vulnerabilities in one's own code) from offensive activity. Reviewing/patching RLS, GRANTS, and auth guards on your own service is standard, responsible engineering.
- Reduce context carry-over false-positives, where a security-themed session causes unrelated, benign requests (git ops, docs) to be flagged.
Impact / severity: Not blocking (Opus is capable), but the repeated, unwarranted model switches on legitimate defensive-security and unrelated benign work are disruptive and, frankly, discouraging for exactly the kind of security-conscious development you'd want to support.
Environment Info
- Platform: darwin
- Terminal: vscode
- Version: 2.1.210
- Feedback ID: 155a8488-700c-46d8-b66e-41666cd2dc95
Errors
[]This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗